FUWIN.EXE is Worm Dorkbot
The file FUWIN.EXE is a computer worm.
The worm FUWIN.EXE is a self-replicating malicious program,
which uses a computer network to send copies of itself to other computers.
You must fix the FUWIN.EXE problem as soon as possible!
Delete the file FUWIN.EXE from all infected computers in your network.
Set up your network firewall against FUWIN.EXE intervention.
Malware Analysis of FUWIN.EXE
Full path on a computer: %Profile%\fuwin.exe
Detected by UnHackMe:
Item Name: taskman
Author: Unknown
Related File: C:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\AVMSC.EXE
Type: Winlogon System
Item Name: fuwin.exe
Author: Adobe Systems Incorporated
Related File: %PROFILE%\FUWIN.EXE
Type: Detected using Heuristic Algorithm
Removal Results: Success
Number of reboot: 1
FUWIN.EXE is known as:
Worm.Dorkbot, Trojan-Ransom.Gimemo, Backdoor.IRC.NgrBot
FUWIN.EXE hash:
- MD5: 018eb836a42acd229f7d925e245f9180
The file is used for downloading and installing other malware, Trojans, viruses by the commands received from the Command Center.
How to quickly detect FUWIN.EXE presence?
Registry:
Folders:
Files:
Registry:- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman: “c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\avmsc.exe”
Folders:- C:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013
Files:- %Temp%\12749.dmp
- %Temp%\2457_appcompat.txt
- %Profile%\fuwin.exe
- C:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\avmsc.exe
- C:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
Recommended: UnHackMe anti-rootkit and anti-malware
Premium software: RegRun Security Suite (Good choice for removal and protection)
